Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-30 | CVE-2017-12329 | Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. | 6.3 |
| 2017-11-30 | CVE-2017-12328 | Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(0.1) A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. | 5.8 |
| 2017-11-30 | CVE-2017-12297 | Improper Input Validation vulnerability in Cisco Webex Meeting Center A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. | 5.0 |
| 2017-11-16 | CVE-2017-12350 | Use of Hard-coded Credentials vulnerability in Cisco Umbrella Insights Virtual Appliance A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. | 8.2 |
| 2017-11-16 | CVE-2017-12337 | Improper Authentication vulnerability in Cisco products A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. | 9.8 |
| 2017-11-16 | CVE-2017-12323 | Cross-site Scripting vulnerability in Cisco Registered Envelope Service Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 6.1 |
| 2017-11-16 | CVE-2017-12322 | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0038 Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 6.1 |
| 2017-11-16 | CVE-2017-12321 | Cross-site Scripting vulnerability in Cisco Registered Envelope Service Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 6.1 |
| 2017-11-16 | CVE-2017-12320 | Cross-site Scripting vulnerability in Cisco Registered Envelope Service Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 6.1 |
| 2017-11-16 | CVE-2017-12318 | Resource Exhaustion vulnerability in Cisco RF Gateway 1 Firmware A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or video on demand (VoD) streams, resulting in a denial of service (DoS) condition. | 7.5 |